The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Response Body

The response body is in the form of an RSS channel, and includes the items listed below. The RSS version is 1.0. Each item in the channel represents a valid action for the resource, and includes the information listed below.

Name

Type

Description

Workflow definition key

string

The name of the workflow.

State

string

The workflow state values depend on the workflow definition XML file. See Workflow States.

Error Codes/Messages

Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.